Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to use tstats to show unique list of hosts for a specified index?

russell120
Communicator
‎07-12-2019 08:38 AM

Hi, I'm using this search: | tstats count by host where index="wineventlog" to attempt to show a unique list of hosts in the wineventlog index.

But I get this error: Error in 'tstats' command: Invalid argument: 'index=wineventlog'

How do I form my search to use tstats (not stats) to return a unique list of hosts within a specific index? (in this case, wineventlog)?

Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

adamblock2
Path Finder
‎07-12-2019 09:19 AM

Try the following: | tstats count where index="wineventlog" by host.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎07-12-2019 09:23 AM

What about - | tstats count where index="wineventlog" by host? works for me ...

0 Karma
Reply
Solved! Jump to solution
Solution

adamblock2
Path Finder
‎07-12-2019 09:19 AM

Try the following: | tstats count where index="wineventlog" by host.

0 Karma
Reply
Solved! Jump to solution

russell120
Communicator
‎07-12-2019 12:24 PM

Perfect, thanks bro.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...